Build swap, asb, asb-controller, orchestrator and rendezvous-node release binaries #1652
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build swap, asb, asb-controller, orchestrator and rendezvous-node release binaries" | |
| on: | |
| pull_request: | |
| release: | |
| types: [created] | |
| env: | |
| DOCKER_ASB_IMAGE_NAME: ghcr.io/eigenwallet/asb | |
| DOCKER_ASB_CONTROLLER_IMAGE_NAME: ghcr.io/eigenwallet/asb-controller | |
| concurrency: | |
| group: build-release-${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.event.release.tag_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| build_binaries: | |
| name: Build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - target: x86_64-unknown-linux-gnu | |
| host: ubuntu-22.04 | |
| archive_extension: tar | |
| do_smoke_test: true | |
| ext: "" | |
| - target: aarch64-apple-darwin | |
| host: macos-15 | |
| archive_extension: tar | |
| do_smoke_test: true | |
| ext: "" | |
| - target: x86_64-apple-darwin | |
| host: macos-15-intel | |
| archive_extension: tar | |
| do_smoke_test: true | |
| ext: "" | |
| # Once Windows works again, uncomment | |
| - target: x86_64-pc-windows-gnu | |
| host: ubuntu-22.04 | |
| archive_extension: zip | |
| do_smoke_test: false | |
| ext: ".exe" | |
| bin: | |
| - name: swap | |
| smoke_test_args: "--help" | |
| smoke_test_fake_interactive: false | |
| - name: asb | |
| smoke_test_args: "--help" | |
| smoke_test_fake_interactive: false | |
| - name: asb-controller | |
| smoke_test_args: "" | |
| smoke_test_fake_interactive: false | |
| - name: rendezvous-node | |
| smoke_test_args: "--help" | |
| smoke_test_fake_interactive: false | |
| - name: orchestrator | |
| smoke_test_args: "" | |
| smoke_test_fake_interactive: true | |
| runs-on: ${{ matrix.target.host }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup build environment (cli tools, dependencies) | |
| uses: ./.github/actions/setup-build-environment | |
| with: | |
| host: ${{ matrix.target.host }} | |
| target: ${{ matrix.target.target }} | |
| - name: Build ${{ matrix.bin.name }} in release mode | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| cargo build \ | |
| --bin "${{ matrix.bin.name }}" \ | |
| --target "${{ matrix.target.target }}" \ | |
| --release | |
| BIN_DIR="target/${{ matrix.target.target }}/release" | |
| echo "BIN_PATH=$BIN_DIR/${{ matrix.bin.name }}${{ matrix.target.ext }}" >> "$GITHUB_ENV" | |
| - name: Smoke test the binary | |
| if: ${{ matrix.target.do_smoke_test }} | |
| shell: bash | |
| run: | | |
| if [[ "${{ matrix.bin.smoke_test_fake_interactive }}" == "true" ]]; then | |
| # Use script to provide pseudo-terminal for interactive binaries | |
| timeout 3s bash -c '0<&- script -qefc "${{ env.BIN_PATH }}" /dev/null | cat' || true | |
| elif [[ -n "${{ matrix.bin.smoke_test_args }}" ]]; then | |
| # Run with arguments | |
| ${{ env.BIN_PATH }} ${{ matrix.bin.smoke_test_args }} | |
| else | |
| # Run without arguments with timeout for binaries that don't support --help | |
| timeout 3s ${{ env.BIN_PATH }} || true | |
| fi | |
| - id: create-archive-name | |
| shell: python | |
| run: | | |
| import os | |
| target = "${{ matrix.target.target }}" | |
| triple = target.split("-") | |
| arch = triple[0] | |
| target_os = triple[2].lower() | |
| os_mapping = {"linux": "Linux", "windows": "Windows", "darwin": "Darwin"} | |
| if target_os not in os_mapping: | |
| raise ValueError(f"Unknown target OS: {target_os}") | |
| system = os_mapping[target_os] | |
| archive_name=f'${{ matrix.bin.name }}_${{ github.event.release.tag_name || format('pull_request_{0}', github.event.pull_request.number) }}_{system}_{arch}.${{ matrix.target.archive_extension }}' | |
| with open(os.environ['GITHUB_OUTPUT'], 'a') as output_file: | |
| output_file.write(f'archive={archive_name}\n') | |
| - name: Pack Linux/Mac binary (tar) | |
| if: ${{ matrix.target.archive_extension == 'tar' }} | |
| shell: bash | |
| run: | | |
| tar -cf ${{ steps.create-archive-name.outputs.archive }} -C $(dirname ${{ env.BIN_PATH }}) $(basename ${{ env.BIN_PATH }}) | |
| - name: Pack Windows binary (zip) | |
| if: ${{ matrix.target.archive_extension == 'zip' }} | |
| shell: bash | |
| run: | | |
| zip ${{ steps.create-archive-name.outputs.archive }} -j ${{ env.BIN_PATH }} | |
| - name: Install GnuPG (macOS) | |
| if: github.event_name == 'release' && runner.os == 'macOS' | |
| shell: bash | |
| run: | | |
| brew install gnupg | |
| - name: Install GnuPG (Linux) | |
| if: github.event_name == 'release' && runner.os == 'Linux' | |
| shell: bash | |
| run: | | |
| sudo apt-get update -y | |
| sudo apt-get install -y gnupg | |
| - name: Import GPG private key | |
| if: github.event_name == 'release' | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| if [[ -z "${GPG_PRIVATE_KEY:-}" ]]; then | |
| echo "GPG_PRIVATE_KEY secret is not set." >&2 | |
| exit 1 | |
| fi | |
| export GNUPGHOME="$(mktemp -d)" | |
| chmod 700 "$GNUPGHOME" | |
| # Allow loopback pinentry when passphrase is provided | |
| echo "allow-loopback-pinentry" >> "$GNUPGHOME/gpg-agent.conf" | |
| echo "use-agent" >> "$GNUPGHOME/gpg.conf" | |
| gpgconf --reload gpg-agent || true | |
| # Import ASCII-armored or binary private key material | |
| printf "%s" "$GPG_PRIVATE_KEY" | gpg --batch --import | |
| # Grab the first secret key fingerprint and expose it to later steps | |
| FPR="$(gpg --batch --list-secret-keys --with-colons | awk -F: '/^fpr:/ {print $10; exit}')" | |
| if [[ -z "$FPR" ]]; then | |
| echo "Failed to import a signing key." >&2 | |
| exit 1 | |
| fi | |
| echo "GNUPGHOME=$GNUPGHOME" >> "$GITHUB_ENV" | |
| echo "GPG_FPR=$FPR" >> "$GITHUB_ENV" | |
| - name: Sign archive with GPG | |
| if: github.event_name == 'release' | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| ARCHIVE="${{ steps.create-archive-name.outputs.archive }}" | |
| gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \ | |
| -u "$GPG_FPR" --armor --output "${ARCHIVE}.asc" --detach-sign "$ARCHIVE" | |
| - name: Upload archive | |
| if: github.event_name == 'release' | |
| uses: actions/upload-release-asset@v1.0.2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.BOTTY_GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ github.event.release.upload_url }} | |
| asset_path: ./${{ steps.create-archive-name.outputs.archive }} | |
| asset_name: ${{ steps.create-archive-name.outputs.archive }} | |
| asset_content_type: application/gzip | |
| - name: Upload archive signature (.asc) | |
| if: github.event_name == 'release' | |
| uses: actions/upload-release-asset@v1.0.2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.BOTTY_GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ github.event.release.upload_url }} | |
| asset_path: ./${{ steps.create-archive-name.outputs.archive }}.asc | |
| asset_name: ${{ steps.create-archive-name.outputs.archive }}.asc | |
| asset_content_type: application/pgp-signature | |
| build_and_push_docker: | |
| name: Build and Push Docker Image | |
| if: github.event_name == 'release' | |
| runs-on: ubuntu-22.04 | |
| needs: build_binaries | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup build environment (cli tools, dependencies) | |
| uses: ./.github/actions/setup-build-environment | |
| with: | |
| host: ubuntu-22.04 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set Docker tags | |
| id: docker_tags | |
| run: | | |
| if [[ ${{ github.event.release.tag_name }} == "preview" ]]; then | |
| echo "preview=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "preview=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Build and push Docker image (asb) | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ./swap-asb/Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.DOCKER_ASB_IMAGE_NAME }}:${{ github.event.release.tag_name }} | |
| ${{ env.DOCKER_ASB_IMAGE_NAME }}:latest | |
| ${{ env.DOCKER_ASB_IMAGE_NAME }}:${{ github.sha }} | |
| if: steps.docker_tags.outputs.preview == 'false' | |
| - name: Build and push Docker image without latest tag (preview release) (asb) | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ./swap-asb/Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.DOCKER_ASB_IMAGE_NAME }}:${{ github.event.release.tag_name }} | |
| ${{ env.DOCKER_ASB_IMAGE_NAME }}:${{ github.sha }} | |
| if: steps.docker_tags.outputs.preview == 'true' | |
| - name: Build and push Docker image (asb-controller) | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ./swap-controller/Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.DOCKER_ASB_CONTROLLER_IMAGE_NAME }}:${{ github.event.release.tag_name }} | |
| ${{ env.DOCKER_ASB_CONTROLLER_IMAGE_NAME }}:latest | |
| ${{ env.DOCKER_ASB_CONTROLLER_IMAGE_NAME }}:${{ github.sha }} | |
| if: steps.docker_tags.outputs.preview == 'false' | |
| - name: Build and push Docker image without latest tag (preview release) (asb-controller) | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ./swap-controller/Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.DOCKER_ASB_CONTROLLER_IMAGE_NAME }}:${{ github.event.release.tag_name }} | |
| ${{ env.DOCKER_ASB_CONTROLLER_IMAGE_NAME }}:${{ github.sha }} | |
| if: steps.docker_tags.outputs.preview == 'true' |